How do we use Microsoft products to protect our cloud users from attacks?
There are a few cases out there where businesses and government entities have been attacked, and in the media it looks like a super sophisticated attack that was impossible to defend against. As many of us know, that usually isn’t true. There have been weaknesses, and someone has found out about them.
And yes, there are cases where companies with good security solutions have been compromised anyway, but many times we see a surprising lack of security out there, often in organizations that think “So far so good. We don’t need more security.” The fact that they have been hacked doesn’t prove them wrong, because we need to admit that just about everyone can be hacked. But in many cases the attacks could have been prevented. This blog won’t give you more than an overview of some of the features I think you should look more at when you have moved to Microsoft 365. I will also note that some of these will require a higher license, and therefore more cost.
There is not one single system that can protect you
If anyone is trying to sell you a solution that will be all you need, I think we can safely say: That sounds way too good to be true. When we set up security solutions for a company, we use several things that together provide pretty good security. Some of the solutions we use are listed below:
What's the score?
Microsoft uses Secure Score to "gamify" your security. Using Secure Score is a great way to gain insight into your current status, and it will also guide you through your improvement options. Read more about this here: Microsoft Secure Score
A funny thing is how some “security specialists” talk to the media about passwords, as if that is the most important thing in the world. It is usually the same guys that say things like: We can't secure everything, etc. At the same time a few big security companies say: The password is dead. A password should never be the only thing keeping attackers at bay.
Speaking of passwords and their death, Windows Hello can make life a lot easier for our users. Using facial unlock or biometric security can make logging in an easy and time-saving experience. A guide can be found here: Set up Windows Hello on your PC.
Microsoft Defender Advanced Threat Protection
Using MD ATP brings the power of the cloud to our computers. We have a great antivirus, with protection gained from the machine learning of Azure, and from all other users of Azure. Say a user who is using MD ATP is compromised. This will set a lot of things in motion in the background, and protection for all other users can be rolled out in minutes. The Bad Rabbit attack (crypto virus) is a great example of how something that could have been huge was stopped in minutes for all users with MD ATP. We can also note that Defender ATP is available for Mac. More info can be found here: Microsoft Defender Advanced Threat Protection
MFA – Multi Factor Authentication
Yes, we know. The extra security can be a hassle. We don’t even like having to type in our password, so what happens if we put in extra factors? Users become annoyed, and we don’t want that. We want to give them a good platform that makes their job easy, and we don’t want to put in a lot of obstacles. So we set up MFA, but maybe we turn that off for users that are in the office. We set up the proper trusted IPs and say that if you are on that range, you don’t need MFA. Good plan, right? Not really. This makes it pretty easy for an attacker that has gained access to our network to hack into our accounts. It is much better to say that you always need to use MFA, but once you have put in MFA details on your computer, you can check a check box saying that you don’t need to do that again for a few weeks. This means a hacker would have to gain access to that specific computer, and the credentials for that specific computer, to be able to abuse this. And for this we have other security features. More info can be found here: Set up multi-factor authentication
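The trusted-IP exception described above can be checked for in an existing tenant. The following is an added example, not part of the original blog: it assumes the MFA requirement is implemented as Conditional Access policies and that they have been exported as JSON in the shape of Microsoft Graph `conditionalAccessPolicy` objects. The policy names and the location ID in the sample are constructed.

```python
# Added example: audit exported Conditional Access policies for
# location-based MFA exceptions. All sample data below is constructed.

SAMPLE_POLICIES = [
    {"displayName": "Require MFA outside office", "state": "enabled",
     "conditions": {"locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Require MFA everywhere", "state": "enabled",
     "conditions": {"locations": None},  # no location condition at all
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Old office exception", "state": "disabled",
     "conditions": {"locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block sign-ins from location", "state": "enabled",
     "conditions": {"locations": {"includeLocations": ["constructed-location-id"],
                                  "excludeLocations": []}},
     "grantControls": {"builtInControls": ["block"]}},
]


def mfa_location_bypasses(policies):
    """Return (policy name, reason, locations) for each enforced MFA policy
    whose location condition lets some sign-ins through without MFA."""
    findings = []
    for policy in policies:
        if policy.get("state") != "enabled":
            continue  # disabled and report-only policies enforce nothing
        grant = policy.get("grantControls") or {}
        if "mfa" not in (grant.get("builtInControls") or []):
            continue  # only policies that require MFA are in scope
        locations = (policy.get("conditions") or {}).get("locations") or {}
        excluded = locations.get("excludeLocations") or []
        included = locations.get("includeLocations") or []
        if excluded:
            findings.append((policy["displayName"], "MFA not required from", excluded))
        elif included and "All" not in included:
            findings.append((policy["displayName"], "MFA required only from", included))
    return findings


if __name__ == "__main__":
    for name, reason, locs in mfa_location_bypasses(SAMPLE_POLICIES):
        print(f"{name}: {reason} {locs}")
```

Any policy this reports is one where being on a listed network is enough to skip the second factor, which is the setup the paragraph above advises against.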
Protect our e-mail accounts with Office 365 Advanced Threat Protection
Office 365 ATP can help prevent attacks by protecting us against phishing campaigns, setting up Safe Links/Safe Attachments and much more. I have seen Office 365 ATP keep customers safe as they have been targeted by big campaigns. As with all other security products, we need to set this up and not just use it as it comes out of the box. Read more here: Office 365 Advanced Threat Protection
Device management - Intune
If we want to protect our devices, we need to have some sort of management. For me, this will often be Intune, or even the device management included in Office 365. This gives us a lot of control over devices and how they are used, and also allows us to wipe a missing device, and thus remove the info that could be useful for a hacker. You can find more info here: Microsoft Intune is an MDM and MAM provider for your devices
Protect our identities with Azure Identity Protection
How awesome would it be to have a system that monitored everything that happened to our accounts? Suspicious behavior, someone logging on from an unusual location, putting in wrong details, logging on from an unmanaged device, etc. And imagine if this system could even automate remediation of risks against your identities? We do have a system like that. We have Identity Protection. You can find more about this here: What is Identity Protection?
MCAS – Microsoft Cloud App Security
Building on the previous point, we need a place where we can gather security info into a view where we can see things more clearly. We can also set up app-based conditional access, flows for logging, and actions taken when certain events occur, control Shadow IT, help label and encrypt sensitive data and much, much more. Most of our customers that start using MCAS say it gives them huge improvements when it comes to insights into their cloud organization. Read more here: Microsoft Cloud App Security overview
There are many other features that we will look at in this blog. And remember, even though those people who say "You can't be 100% secure" are right, you can have pretty good security, and you can have it without your users hating you. You can read more about Microsoft Security here: https://www.microsoft.com/en-us/security/business